better way to filter spam sent through Salesforce?

Posted: Sun Nov 24, 2024 11:56 am
by darrenk
Over the past month I have been getting a steady trickle of spam sent through Salesforce-owned IP addresses to my address, which is on a hosted domain here at Sonic. Roughly 75% are caught by SpamAssassin. The spam comes from multiple domains, usually three words strung together, and seems to be anti-Democrat and pro-crypto. The subjects are not consistent. The spam originates from a variety of IPs, but they all have 2 DKIM signatures, one for the domain in the email and another for a Salesforce domain, (x).y.mc.salesforce.com. I have been submitting reports to Salesforce abuse but more spam from different domains keeps coming.

I know I can go into member settings and block each domain as they come in, but that seems tedious and I wonder how long the list will get over time. Does anyone know of a better way of blocking these mails other than just adding the domains to the blocklist in member tools?

-Darren

Re: better way to filter spam sent through Salesforce?

Posted: Sun Nov 24, 2024 8:52 pm
by fmc
Have found filtering all mail from 128.245/16 to be a great help. Tarpitting the whole /16 would be better.

Re: better way to filter spam sent through Salesforce?

Posted: Sun Nov 24, 2024 10:45 pm
by darrenk
fmc wrote: Sun Nov 24, 2024 8:52 pm
Have found filtering all mail from 128.245/16 to be a great help. Tarpitting the whole /16 would be better.

Where in members tools can I set up a blocklist by IP address? I see a page where I can add entries for trusted networks but I don't see an option for something like untrusted networks.

-Darren

Re: better way to filter spam sent through Salesforce?

Posted: Mon Nov 25, 2024 8:33 am
by fmc
No idea. I don't really use Sonic for e-mail.

I do sometimes do horrible things with procmail to pre-filter the spam out of my inbox though.

Code:

# anything from 128.245.0.0/16 (Salesforce/Exacttarget) (11 May 2024)
:0 :
* ^Received: from .*128\.245\.[0-9]+\.[0-9]
${INPREFIX}probable-spam/
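
An added example, not part of any post in this thread: a Python filter that combines the two indicators discussed above, a DKIM-Signature `d=` domain under `mc.salesforce.com` and a `Received` address inside 128.245.0.0/16, using real CIDR matching instead of a regex. The function names and the sample message are constructed for illustration; the script does not verify the DKIM signature, and like the recipe above it inspects every `Received` header, including ones below your own server's that a sender can write.

```python
import email
import ipaddress
import re
from email import policy

SALESFORCE_NET = ipaddress.ip_network("128.245.0.0/16")  # range named in the thread
MC_SUFFIX = ".mc.salesforce.com"                          # DKIM domain pattern from the first post
# Dotted quad that is not part of a longer dotted number such as 10.128.245.3.4
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")

# Constructed sample message (hypothetical hosts, domains and addresses).
SAMPLE = (
    "Received: from mta.example.net (mta.example.net [128.245.0.10])\n"
    "\tby mx.example.org with ESMTPS; Sun, 24 Nov 2024 11:00:00 -0800\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=three-word-name.example; s=k1;\n"
    "\tbh=AAAA=; b=BBBB=\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=x.y.mc.salesforce.com;\n"
    "\ts=k2; bh=AAAA=; b=BBBB=\n"
    "From: sender@three-word-name.example\n"
    "Subject: constructed sample\n\nbody\n"
)

def dkim_domains(msg):
    """Return the d= tag of every DKIM-Signature header, lowercased."""
    domains = []
    for value in msg.get_all("DKIM-Signature", []):
        # Drop folding whitespace, then split the tag=value list on ';'.
        flat = "".join(str(value).split())
        tags = dict(t.split("=", 1) for t in flat.split(";") if "=" in t)
        if "d" in tags:
            domains.append(tags["d"].lower())
    return domains

def salesforce_indicators(raw):
    """List which of the two indicators appear in a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    hits = ["dkim:" + d for d in dkim_domains(msg) if d.endswith(MC_SUFFIX)]
    for value in msg.get_all("Received", []):
        for candidate in IPV4.findall(str(value)):
            try:
                if ipaddress.ip_address(candidate) in SALESFORCE_NET:
                    hits.append("ip:" + candidate)
            except ValueError:
                pass  # not a valid address, e.g. an octet above 255
    return hits

if __name__ == "__main__":
    print(salesforce_indicators(SAMPLE))
```

Matching on the `mc.salesforce.com` signing domain covers new sender domains without growing a per-domain blocklist, at the cost of also flagging legitimate senders that use the same service.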